1. Field of the Invention
The present invention relates generally to storage of data, and, more particularly, to the automated management of data storage to ensure compliance with various mandatory data storage retention policies and regulations.
2. Description of Related Art
There are many small and middle-sized businesses (SMBs) that make use of data storage systems for storing business-related data. Even though these companies do not have large budgets or human resources to devote to storage of data, in a number of industries it is mandatory for them to be compliant with various laws, regulations and industry standards for the storage and retention of data. Examples of some such government regulations that require long-term data preservation include SEC Rule 17a-4, HIPAA (The Health Insurance Portability and Accountability Act), and SOX (The Sarbanes-Oxley Act). The data required to be preserved is sometimes referred to as “Fixed Content” or “Reference Information”, which means that the data cannot be changed after it is stored for at least a predetermined retention period.
Large companies usually build necessary storage systems at their own data centers, and are able to afford sufficient training of storage administrators for managing their business data properly so as to comply with the regulations for their particular industry. However SMBs do not usually have the resources to spend similar amounts on storage systems and storage management personnel as large companies. Therefore, SMBs in some cases might not even be aware of how their respective business data should be managed to comply with the various regulations targeted to their business field, and even when they do understand what is required for compliance, SMBs may not have sufficient storage resources to meet the applicable regulatory requirements.
One solution for SMBs in this situation, rather than buying the storage equipment and training their own personnel, is to pay for a service whereby their respective business data will be appropriately managed by a storage service provider (SSP). The SSP owns and manages the actual storage equipment and employs expert storage management personnel that can manage the storage equipment and storage parameters to meet specified regulations and storage requirements for a particular industry. Generally such services cost less to a SMB than building its own storage system and hiring storage administration personnel.
However, an issue remains with this arrangement, since, because the SMB does not usually know details about how each form of data should be managed, the SMB cannot always order correct storage services specifically from the SSP. In such a case, the SMB needs to have some consultation with experts inside the SSP or with outside experts. However, such consulting fees can also pose a substantial cost for SMBs. Furthermore from a SSP's perspective there may be a large number of SMB companies, such that consulting individually with them on a one-by-one basis is not always a realistic way of determining the SMB's needs. Thus, it would be useful for both SMBs and SSPs to have an automated solution that directs a SMB user appropriately with regards to storage management requirements for data which is to be compliant to the related regulations for a particular industry.
There are known storage devices and solutions that enable a variety of types of data management for data storage and archiving for achieving regulatory compliance. For example, it is known to have storage arrangements implementing a WORM (Write Once Read Many) function that prevents over-writing of the data. These WORM systems may include a preservation function that retains the data for a specified period of time, and a shredding function that erases the data after the expiration of the retention period. Also, a remote copy arrangement may be required in some situations for copying data between datacenters located a long distance from each other to achieve compliance.
In addition, there are some services already implemented by SSPs that provide a user with specified characteristics for storage capacity or even remote copy service of the data. However, these do not solve the essential issue mentioned above, namely that the current solutions require knowledge for the setting of the actual parameters for the configuration of the storage systems, and many of the people at SMBs do not know or understand how to specify these parameters. Thus, there is no automated solution for determining which data class defined by a regulation corresponds to the user's data, and there is no automated solution for determining the actual parameters to be specified to the storage system for each data class. Also SMBs may need to prepare evidence of compliance that shows that their data was appropriately managed in case such evidence is required for auditing or inspection purposes. Thus, a need exists for an automated system for determining a user's storage requirements and for automatically setting parameters in the storage system to ensure compliance with the requirements.